Breadcrumb
  1. Training
  2. Education & Training Catalog
  3. CDW
  4. Event Monitoring and Incident Detection

Event Monitoring and Incident Detection

Event Monitoring and Incident Detection, part of our Incident Response series, will help students develop the professional competencies to detect intrusions, determine the nature of security events, and initiate critical first response for security incidents. It will also help to build important technical skills through several labs, tabletop exercises, and case-study based activities.

The goals of this 3-day course are to examine the Incident Response Life Cycle, determine the existence of security events, and implement the Computer Security Incident Response Team (CSIRT) Services Framework, to contain, eradicate, and remediate threats. This course is for anyone interested in learning about the initial phases of Cyber Incident Response handling. This course will also help the learner understand how to approach security incidents while working in an organization.

Provider Information

More courses from this provider:
Contact Information

CDW
625 W. Adams St.
Chicago, IL 60661

Course Overview

Overall Proficiency Level
1 - Basic
Course Prerequisites
  • Basic understanding of operating system internals
  • Familiarity with the general use of Windows systems
  • Basic understanding of TCP/IP networking

Related Courses:

Training Purpose
Management Development
Skill Development
Specific Audience
All
Delivery Method
Classroom
Online, Instructor-Led
Course Locations

8890 McGaw Road
Suite 200
Columbia, MD 21045

625 W Adams Street
Chicago, IL 60661

5908 Headquarters Drive
Suite 400
Plano, TX 75024

201 N Franklin St
Floor 37
Tampa, FL 33602

40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281

  • Classroom
  • Online, Instructor-Led

Learning Objectives

  • Describe the requirements for technical and functional preparation for Incident Response
  • Identify attack surfaces to be covered by an Incident Response Plan
  • Compare tools and processes used to monitor cyber activities
  • Construct a baseline of “normal” cyber traffic
  • Interpret data and logs of activity
  • Examine network traffic for evidence of anomalies
  • Collect evidence of anomalous activity
  • Explain the purposes of triage in incident response
  • Apply the MITRE ATT&CK matrix to anomalous activity observed
  • Construct security event timelines
  • Determine if incident escalation is appropriate
  • Report actionable data in a timely, clear, concise, and accurate manner
  • Apply playbooks in the incident response process

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov(link sends email). Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date:

You have been selected to participate in a brief survey about your experience today with National Initiative for Cybersecurity Careers and Studies.

Would you like to participate in our survey?

If you accept you will be leaving the National Initiative for Cybersecurity Careers and Studies website and going to a third party site.
That site may have different privacy, security and accessibility policies than the National Initiative for Cybersecurity Careers and Studies site.
National Initiative for Cybersecurity Careers and Studies does not endorse any commercial products, services, programs or content on the third party website.
Thank you for visiting our site. We hope your visit was informative and enjoyable.